The 40 bytes you're seeing might actually be 20 bytes:
9699dc843a1608b4 That's 8 bytes, not 16. If all the examples you've seen produce 28 byte digests, they are probably using sha224. $ echo "28 * 8" | bc 224 :-) Try using "openssl dgst -sha224" instead of sha1. yours, Julius On 2/26/07, WCR <[EMAIL PROTECTED]> wrote:
Hi Julius Thank you for your prompt reply. I hope you can help me, I'll try to explain it better. I need to generate a soap envelope, see a correct example attached. Example message has been provided by the service provider along with a digital certificate in pkcs#12 file 10698.p12 also attached. This is what I'm doing: First: Convert 10698.p12 to 10698.pem openssl pkcs12 -in 10698.p12 -out 10698.pem -passin file:10698.psw -nodes Then I can stuff my message with the X509Token. So far so good. Next: I create a digest of my data object #MsgBody. The input to the SHA1 digest function is the text between and including the two elements: <EdiCustomsDeclaration .....> </EdiCustomsDeclaration> see attached example. I have tried both: openssl dgst -sha1 mydata.txt > mydigest.out - and - openssl dgst -sha1 -key 10698.pem mydata.txt > mydigest.out No matter what text is input, the result is always 40 bytes long. In all examples given to me, they are always 28 bytes long. I thought at first it was because I had not used the -key 10698.pem in the first command line, but both results were the same. The next step is to sign it. The signature lengths vary so no problem there yet, but my digest should be 28 bytes not 40 bytes. I must be missing something or perhaps I need a holiday. Any suggestions, even holiday ones, would be appreciated :-) David --
yours, Julius Davies 416-652-0183 http://juliusdavies.ca/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
